Category
Security
Release Phase
Resolved
ProductSolaris 10 Operating System
Bug Id
6577595
Date of Resolved Release29-OCT-2007
Impact
A security vulnerability in the Solaris 10 Internet Protocol (ip(7P)) may allow a local unprivileged user the ability to cause a system panic, thereby causing a Denial of Service (DoS) to the system as a whole.
Contributing Factors
This issue can occur in the following releases:
SPARC Platform
- Solaris 10 with patch 118833-04 or later and without patch 127111-02
x86 Platform
- Solaris 10 with patch 118855-03 or later and without patch 127112-02
Note: Solaris 8 and Solaris 9 are not impacted by this issue.
Symptoms
If the described issue occurs, the system will panic with a stack trace similar to the following:
panic[cpu3]/thread=300027ab340:
BAD TRAP: type=34 rp=2a1011a6f90 addr=139 mmu_fsr=0
ip_wput_ire+0x1bc0(600040f35a8, 60004042a18, 0, 10000, 0, 0)
ip_output+0x964(0, 60004042b88, 0, 0, 0, 60009b42470)
udp_output_v4+0x5c4(60009afaac0, 0, d0000, 6000499b650, 600040f35a8, 2a1011a769c)
udp_output+0x448(60009afaac0, 6000498b300, 60004903358, 300002a2680, 20104022, 10)
udp_wput_data+0xd8(60009afaac0, 6000498b300, 60004903358, 0, 0, 0)
sodgram_direct+0xbc(6000a343ca0, 60004903358, 10, 2a1011a7aa0, 6000498b300, 0)
sotpi_sendmsg+0x454(6000a343ca0, 2a1011a7a70, 2a1011a7aa0, 0, 1200020, 0)
sendit+0x134(3, 2a1011a7a70, 2a1011a7aa0, 60004903358, 6000a343ca0, 0)
sendto+0x64(3, 21208, 5, 0, ffbffa24, 10)
syscall_trap32+0xcc(3, 21208, 5, 0, ffbffa24, 10)
Workaround
There is no workaround. Please see the "Resolution" section below.
Resolution
This issue is addressed in the following releases:
SPARC Platform
- Solaris 10 with patch 127111-02 or later
x86 Platform
- Solaris 10 with patch 127112-02 or later
References
127112-02
127111-02
AttachmentsThis solution has no attachment